PT-2023-13990 · Tibco Software · Tibco Hawk+1

Published

2023-02-14

Updated

2023-02-22

CVE-2022-41564

CVSS v3.1

6.8

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions TIBCO Hawk versions 6.1.0 through 6.2.1 TIBCO Operational Intelligence Hawk RedTail versions 7.0.0 through 7.2.0

Description The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user.

Recommendations For TIBCO Hawk versions 6.1.0 through 6.2.1, update to a version outside of this range to resolve the issue. For TIBCO Operational Intelligence Hawk RedTail versions 7.0.0 through 7.2.0, update to a version outside of this range to resolve the issue.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2022-41564

Affected Products

Tibco Hawk

Tibco Operational Intelligence Hawk Redtail

PT-2023-13990 · Tibco Software · Tibco Hawk+1

CVE-2022-41564

Weakness Enumeration

Related Identifiers

Affected Products

References · 4